On 4/17/13 10:29 AM, Daniele Ricci wrote: > Hi list! > I'm developing a messaging application based on XMPP [1], focusing on > community, privacy and security. > What I want to discuss here is I've decided to use OpenPGP keys to > encrypt data between users. Also it would be optimal to use those keys > to authenticate against servers too. > > I started by implementing a very simple (and unsafe) SASL mechanism, a > simple challenge/response method (like SSHv1). But things are getting > a little more complicated, and since this application is targeted > mostly to mobile devices, authenticating in-band of an XML stream > would be a huge waste of network traffic. A server-side working > implementation based on Twisted can be found on xmppserver repository > [2]. > > Before even considering a SASL mechanism, I bumped into RFC 6091 [3], > namely "Using OpenPGP Keys for Transport Layer Security (TLS) > Authentication". This protocol would save bandwidth but lacks of > implementations (only GnuTLS implements this - and only the mainstream > C version, so no bindings). > > Because Kontalk aims to target multiple platforms, this RFC will > require many implementations to be written (e.g. Android would require > - for example - a separate Bouncycastle implementation). > On the other hand, a SASL mechanism requires an application level > implementation (that is, it's already part of the XML stream, easier > to implement - but no standard present yet). > > Another option would be put into a X.509 certificate the PGP key as a > blob (quite a workaround eh?), but I prefer not to consider that :-) > > The question is: SASL or TLS? > As I mentioned on the Telepathy list, I recommend RFC 6091 + SASL EXTERNAL.
Peter
